> If you begin to get complaints because you are on some list whose owner > isn't bothering to conduct list hygiene, I would imagine you'd > ultimately unsubscribe from the list and find or create another one > that's properly managed.
I am about 99% certain that the FBL reports that started this discussion were either a guy who wanted to unsub from the list, or he reported his whole inbox. Nearly all of the FBL reports I get are one or the other, but this was the first time I got them for someone else's list. As I believe I said, it didn't break anything here, but it was a useless transaction, and for a small site like mine that has users who belong to a lot of lists, it could easily dominate FBL traffic. Or to put it another way, it scales poorly since the amount of traffic depends on the number of other subscribers, not on anything under your own control. For something like Dave Farber's IP list, with hundreds of thousands of subscribers, the number of bogus reports per message sent could become large. On the third hand, in practice, this is unlikely to be a big deal, since it is my impression that in the world at large, the number of lists (as opposed to courtesy forwards) that don't break the signature is insignificant. But I think it is of interest to try and figure out where the responsibility belongs for list mail, other than "everywhere", and what to recommend to people to make that easy to implement. >> Me too. Mail from the list is the responsibility of the list. QED and >> all that. > > But if you redact the original signature, you're only providing some of > the information that could be provided to the receiver. Well, yes, leaving out irrelevant info avoids misleading them. More info is not necessarily better, particularly in a situation like this where a recipient doesn't know the order or relationship of multiple signatures unless it has separate knowledge about the parties involved. > Lists, specifically, in that instance. Something like: X sends to a > list at Y that then relays to Z; Z trusts Y to implement DKIM and > Authentication-Results and all that properly, so Z believes Y when it > says "X had a signature on here that verified" even if X's signature on > arrival at Z is either invalid or absent. This returns us to the original question. Other than the implausible scenario of a system that is managed well enough to maintain the chain of signature headers, but that makes no attempt to keep spam out of its lists, in what scenario would this be of practical use in managing Z's mail? If Z trusts Y, why wouldn't it be sending reports about Y's lists to Y? People have been saying since the dawn of DKIM that they want to see the incoming signatures on list mail, but I have yet to hear a plausible story about what to do with them. As far as I can tell, it's just an unexamined assumption that more signatures must be better, or that they as the original signer will then somehow be able to tell recipients what to do. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
